<?php
/**************************************************
MYSQL BRIDGE between MYSQL and ACTIONSCRIPT 3.0
Author: Nirmel Murtic
Version 1.0
***************************************************/

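// Database connection.
// NOTE(review): the mysql_* extension was removed in PHP 7.0, so this script
// only runs on PHP 5.x; a port would use mysqli or PDO. Credentials are
// hard-coded here and neither call's return value is checked: a failed
// connection only surfaces later as a FALSE result.
$MySQLConnection = mysql_connect( "localhost", "********", "********" );
mysql_select_db( "********" );

// Security key (must be equal to the key in the Mysql.as file).
// NOTE(review): the same key lives in the client-side file, so it should be
// treated as recoverable by anyone who holds the client. It is the ONLY gate
// in front of the SQL and file-delete operations below.
$MAGIC = "********";

// Compare the key strictly: the supplied value must be a string (not an array,
// not absent) and must match exactly. Loose == would let PHP apply numeric
// string juggling. hash_equals() is used when the runtime provides it.
$SuppliedKey = isset($_REQUEST["magic"]) ? $_REQUEST["magic"] : null;
$KeyMatches = is_string($SuppliedKey)
	&& (function_exists('hash_equals') ? hash_equals($MAGIC, $SuppliedKey) : $SuppliedKey === $MAGIC);

if($KeyMatches){

	// Normalise the named parameters once: a missing or non-string value
	// becomes '' instead of raising notices further down.
	$Text = array();
	foreach( array("type", "from", "where", "tables", "into", "columns", "values", "file") as $Key ){
		$Text[$Key] = (isset($_REQUEST[$Key]) && is_string($_REQUEST[$Key])) ? $_REQUEST[$Key] : '';
	}
	$Type = $Text["type"];

	// The client sends '@' where it means a double quote.
	$Where = str_replace('@', '"', $Text["where"]);

	// NOTE(review): every fragment below (column list, table names, WHERE text,
	// SET pairs, VALUES list) is concatenated into the statement exactly as
	// received. Identifiers and whole clauses cannot be bound as parameters, so
	// hardening this means replacing the generic bridge with fixed,
	// server-defined queries that use prepared statements, and connecting with
	// a database account limited to what the application needs.

	if($Type === "SELECT" || $Type === "SELECT DISTINCT"){
		// Collect a1, a2, ... until the first missing/empty one.
		$Columns = array();
		for( $i = 1; !empty($_REQUEST["a".$i]) && is_string($_REQUEST["a".$i]); $i++ ){
			$Columns[] = $_REQUEST["a".$i];
		}

		$Query = $Type." ";
		if(count($Columns) > 0) $Query.= implode(",", $Columns)." ";
		$Query.= "FROM ";
		$Query.= $Text["from"];
		if(strlen($Where) > 0) {
			$Query.= " WHERE ";
			$Query.= $Where;
		}

		// Work out, once per column, the XML tag and the row property to read:
		//  - no '.' in the column      -> tag and property are the column itself
		//  - ')' after the first '.'   -> tag is the column with . ( ) turned into _,
		//                                 property is the column as sent
		//  - otherwise                 -> tag and property are the text after the first '.'
		$Fields = array();
		foreach( $Columns as $Column ){
			$DotAt = strpos($Column, '.');
			if($DotAt === false){
				$Fields[] = array($Column, $Column);
				continue;
			}
			$Tail = (string) substr($Column, $DotAt + 1);
			if(strpos($Tail, ')') !== false){
				$Fields[] = array(strtr($Column, '.()', '___'), $Column);
			} else {
				$Fields[] = array($Tail, $Tail);
			}
		}

		$Result = mysql_query( $Query );

		if($Result){
			// NOTE(review): tag names come from the request and values from the
			// database; neither is XML-escaped, so markup characters in either
			// produce malformed or attacker-shaped XML. Escaping the values
			// (htmlspecialchars) is the likely fix - confirm the client decodes
			// entities before changing the wire format.
			print "<results>\n";
			while( $Row = mysql_fetch_object( $Result ) ){
				print "<result>";
				foreach( $Fields as $Field ){
					$Tag = $Field[0];
					$Property = $Field[1];
					print "<".$Tag.">";
					// Braces make the dynamic property lookup unambiguous on every
					// PHP version; an absent or NULL column prints as empty.
					print ($Property !== '' && isset($Row->{$Property})) ? $Row->{$Property} : '';
					print "</".$Tag.">";
				}
				print "</result>\n";
			}
			print "</results>";
		} else {
			print "<results>\n";
			print "<result>FALSE</result>\n";
			print "</results>";
		}
	}

	if($Type === "UPDATE"){
		// Collect s1, s2, ... ("column=value" pairs), translating '@' to '"'.
		$Sets = array();
		for( $i = 1; !empty($_REQUEST["s".$i]) && is_string($_REQUEST["s".$i]); $i++ ){
			$Sets[] = str_replace('@', '"', $_REQUEST["s".$i]);
		}

		$Query = $Type." ";
		$Query.= $Text["tables"]." ";
		$Query.= "SET ";
		if(count($Sets) > 0) $Query.= implode(",", $Sets)." ";
		// An empty WHERE is omitted, i.e. the UPDATE then applies to every row.
		if(strlen($Where) > 0) {
			$Query.= "WHERE ";
			$Query.= $Where;
		}

		$Ok = mysql_query( $Query );
		print "<results>\n";
		print $Ok ? "<result>TRUE</result>\n" : "<result>FALSE</result>\n";
		print "</results>";
	}

	if($Type === "DELETE"){
		$Query = $Type." ";
		$Query.= "FROM ";
		$Query.= $Text["from"]." ";
		// WHERE is always appended, so an empty condition yields invalid SQL
		// and the request fails rather than deleting every row.
		$Query.= "WHERE ";
		$Query.= $Where;

		$Ok = mysql_query( $Query );
		print "<results>\n";
		print $Ok ? "<result>TRUE</result>\n" : "<result>FALSE</result>\n";
		print "</results>";
	}

	if($Type === "INSERT"){
		$Query = $Type." ";
		$Query.= "INTO ";
		$Query.= $Text["into"]." (";
		$Query.= $Text["columns"]." ";
		$Query.= ") VALUES (";
		$Query.= str_replace('@', '"', $Text["values"]);
		$Query.= ")";

		$Ok = mysql_query( $Query );
		print "<results>\n";
		print $Ok ? "<result>TRUE</result>\n" : "<result>FALSE</result>\n";
		print "</results>";
	}

	if($Type === "DELETEAVATAR" || $Type === "DELETEMATERIJAL"){
		$Directory = ($Type === "DELETEAVATAR") ? "./avatars/" : "./materijal/";
		// Keep only the final path component so the request cannot name a file
		// outside the intended directory (no "../", no absolute paths).
		// NOTE(review): this assumes clients send bare file names - confirm no
		// caller relies on sub-directories.
		$FileName = basename($Text["file"]);
		$Deletable = $FileName !== '' && $FileName !== '.' && $FileName !== '..'
			&& is_file($Directory.$FileName);

		print "<results>\n";
		if($Deletable && unlink($Directory.$FileName)) print "<result>TRUE</result>\n"; else print "<result>FALSE</result>\n";
		print "</results>";
	}

} else {
	print "<results>\n";
	print "<result>SECURITY ERROR</result>\n";
	print "</results>";
}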

?>